Computer networks are growing larger and are carrying much more sensitive information. For security's sake, computing devices using a network often form themselves into network groups and only communicate sensitive information with other group members. However, the vast majority of network groups are still vulnerable to security attacks. In one form of security attack, an attacker not authorized to join a group enters the group, possibly by impersonating a legitimate group member. Once in the group, the attacker has access to information meant only for legitimate group members. In a second form of attack, an attacker does not join the group, but eavesdrops on communications among group members in order to obtain security codes. With those security codes in hand, the eavesdropper can access sensitive information sent by the group members. These security attacks are especially worrisome to groups that communicate via wireless technologies because it is difficult or impossible to restrict physical access to these groups and to their communications.
These two forms of security attacks are addressed by two major aspects of communications security. First, authentication techniques are employed to ensure that only legitimate group members can join a network group. Authentication techniques are often based upon authentication credentials. In some cases, the authentication credentials include a secret security key shared between a computing device attempting to join a group and an authentication server already in the group. In other cases, the authentication credentials may be based upon public/private key pairs and security certificates. In any case, only after the computing device proves its knowledge of the authentication credentials does the authentication server allow it to join the group.
In a second aspect of communications security, information transmitted among members of a network group is encrypted. In a typical encryption method, the information sender and the receiver first agree upon an information-encoding scheme. The encoding scheme is based upon secret security keys, often, but not always, shared between the sender and the receiver. The sender encrypts the information using the agreed-upon encoding scheme and then sends the encrypted information to the receiver. Upon reception, the receiver decrypts the information using the agreed-upon encoding scheme. Although the encrypted information may still be eavesdropped, the eavesdropper cannot obtain the original information without knowing the security keys.
However, authentication and encryption do not always provide sufficient protection. For example, encrypted information is still subject to a number of attacks, including statistical attacks. In a statistical attack, an eavesdropper analyzes a set of encrypted messages in order to tease out patterns that are associated with the security scheme agreed upon by the sender and the receiver. From the patterns, the eavesdropper may discover the security keys underlying the agreed-upon security scheme and use them to decrypt the encrypted information.
Because of the statistical nature of this method of attack, its accuracy improves with an increasing number of messages analyzed. Thus one approach to frustrate statistical attacks is to limit the amount of information sent using any one security scheme. To do this, the security keys underlying the agreed-upon security scheme may be changed frequently. However, changing the security keys involves significant communications and processing overhead for the sender and the receiver. This overhead becomes an acute problem in exactly those situations where changing the security keys frequently is most useful: in wireless network groups.
A typical wireless network group contains an access server that communicates with all computing devices (also called “stations”) in the group and with all stations attempting to join the group. The access server also communicates with an authentication server. The authentication server may be located remotely from the wireless group and may serve several, sometimes hundreds, of wireless groups. When a station attempts to begin a session and join the group, it communicates through the access server to the authentication server. The station and the authentication server attempt to authenticate each other and, if the process is mutually successful, the station joins the wireless group and begins to communicate with the other stations already in the group. If the station terminates the communications session (thus leaving the group) and later wishes to restart another session (i.e., rejoin the group), the station repeats the mutual authentication process with the authentication server.
This mutual authentication process resets the security keys used by the station and by the authentication server. However, it is not feasible to use a station-to-authentication server method to frequently change the security keys. This would involve a bothersome interruption in communications while the station drops out of the communications session and then re-authenticates itself to the authentication server. Also, a typical authentication server is responsible for simply too many stations to be able to efficiently process frequent security key changes with each of them.
What is needed is a way for a computing device in a network group to change its security keys without communicating with an authentication server.